POST /conformance/v3/auth-mock/token
The client proceeds with the code flow and calls the Token Endpoint with the required details. It signs the client_assertion JWT with the client's private key, whose public key counterpart is resolvable through jwks_uri or is in the Client Metadata shared in the pre-registration step.
Request
- application/x-www-form-urlencoded
Body
Possible values: [authorization_code, urn:ietf:params:oauth:grant-type:pre-authorized_code]
MUST have the value authorization_code or urn:ietf:params:oauth:grant-type:pre-authorized_code
REQUIRED when grant_type is authorization_code
OAuth 2.0 Client Identifier valid at the Authorization Server.
Verifiable Accreditation Issuance: MUST be URL of the issuer requesting the accreditation that was registered with the Accreditation Issuer
REQUIRED when grant_type is authorization_code
An opaque value that can be used to redeem tokens from the token endpoint.
code
response_type
code
The format of the assertion as defined by the authorization server. The value will be an absolute URI.
Wallet generated secure random token, used to validate the original code_challenge
CONDITIONAL. The code representing the authorization to obtain Credentials of a certain type. This parameter is required if the grant_type is urn:ietf:params:oauth:grant-type:pre-authorized_code
did:key:z2dmzD81cgPx8Vki7JbuuMmFYrWPgYoytykUZ3eyqht1j9KbsDbVZXdb3jzCagESyY4EE2x7Yjx3gNwctoEuRCKKDrdNP3HPFtG8RTvBiYStT5ghBHhHizH2Dy6xQtW3Pd2SecizL9b2jzDCMr7Ka5cRAWZFwvqwAtwTT7xet769y9ERh6
OPTIONAL. String value containing a user PIN. This value MUST be present if user_pin_required is true
grant_type
urn:ietf:params:oauth:grant-type:pre-authorized_code
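The conditional rules above, written as a server-side check. This is an added example, not code from the API described here. It assumes the standard OAuth 2.0, PKCE (RFC 7636, S256 method) and OpenID for VCI parameter names client_id, code, code_verifier, pre-authorized_code and user_pin, and a hypothetical `session` record stored when the code was issued. Verifying the client_assertion signature is out of scope.

```python
import base64, hashlib, hmac

AUTH_CODE = "authorization_code"
PRE_AUTH = "urn:ietf:params:oauth:grant-type:pre-authorized_code"

def s256(verifier: str) -> str:
    """RFC 7636 S256: BASE64URL(SHA-256(code_verifier)), padding stripped."""
    digest = hashlib.sha256(verifier.encode()).digest()
    return base64.urlsafe_b64encode(digest).rstrip(b"=").decode()

def same(a: str, b: str) -> bool:
    """Constant-time comparison for secrets (codes, PINs, challenges)."""
    return hmac.compare_digest(a.encode(), b.encode())

def problem(detail: str) -> dict:
    # Shape of the 400 problem+json examples on this page.
    return {"title": "Bad Request", "status": 400, "detail": detail}

def check_token_request(form: dict, session: dict):
    """Return None when the request is acceptable, else a problem dict.

    `session` is a hypothetical server-side record; its keys are assumptions.
    """
    grant = form.get("grant_type")
    if grant == AUTH_CODE:
        for name in ("client_id", "code"):  # REQUIRED for this grant
            if not form.get(name):
                return problem(f"{name} is required")
        if form["client_id"] != session.get("client_id"):
            return problem("client_id mismatch")
        if not same(form["code"], session.get("code", "")):
            return problem("invalid code")
        # If a code_challenge was bound to the code, a missing verifier
        # must fail as well; otherwise PKCE could simply be skipped.
        if session.get("code_challenge") is not None:
            verifier = form.get("code_verifier", "")
            if not same(s256(verifier), session["code_challenge"]):
                return problem("code_verifier does not match code_challenge")
        return None
    if grant == PRE_AUTH:
        code = form.get("pre-authorized_code", "")
        if not code or not same(code, session.get("pre-authorized_code", "")):
            return problem("invalid pre-authorized_code")
        pin = form.get("user_pin", "")
        if session.get("user_pin_required") and (
                not pin or not same(pin, session.get("user_pin", ""))):
            return problem("user_pin missing or wrong")
        return None
    return problem("unsupported grant_type")
```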
Responses
200 OK (application/json)
Schema
- access_token: The access token issued by the authorization server. The Access Token MUST be signed by the authorisation server.
- id_token: The ID token issued by the authorization server.
- token_type (possible values: [bearer]): The access token type provides the client with the information required to successfully utilize the access token to make a protected resource request (along with type-specific attributes).
- expires_in: The lifetime in seconds of the access token. For example, the value "3600" denotes that the access token will expire in one hour from the time the response was generated. Lifetime must be 86400 seconds.
- c_nonce: JSON string containing a nonce to be used to create a proof of possession of key material when requesting a Credential (see Section 7.2 of OpenID for VCI). When received, the Wallet MUST use this nonce value for its subsequent credential requests until the Credential Issuer provides a fresh nonce.
- c_nonce_expires_in: The lifetime in seconds of the c_nonce token. For example, the value "3600" denotes that the c_nonce will expire in one hour from the time the response was generated.
Example (from schema)
{
  "access_token": "string",
  "id_token": "string",
  "token_type": "bearer",
  "expires_in": 0,
  "c_nonce": "string",
  "c_nonce_expires_in": 0
}
400 Bad Request (application/problem+json)
Schema
- type (default value: about:blank): An absolute URI that identifies the problem type. When dereferenced, it SHOULD provide human-readable documentation for the problem type.
- title: A short summary of the problem type.
- status (possible values: >= 400 and <= 600): The HTTP status code generated by the origin server for this occurrence of the problem.
- detail: A human readable explanation specific to this occurrence of the problem.
- instance: An absolute URI that identifies the specific occurrence of the problem. It may or may not yield further information if dereferenced.
Example (from schema)
{
  "type": "about:blank",
  "title": "Internal Server Error",
  "status": 500,
  "detail": "Connection timeout",
  "instance": "string"
}
Example: Bad Request
{
  "title": "Bad Request",
  "status": 400,
  "detail": "Bad request."
}
Example: Token Expired
{
  "title": "Token Expired",
  "status": 400,
  "detail": "The token has expired."
}
Example: Issuer Not Found
{
  "title": "Issuer Not Found",
  "status": 400,
  "detail": "Issuer not found in the trusted apps registry."
}
401 Unauthorised (application/problem+json)
Schema
- type (default value: about:blank): An absolute URI that identifies the problem type. When dereferenced, it SHOULD provide human-readable documentation for the problem type.
- title: A short summary of the problem type.
- status (possible values: >= 400 and <= 600): The HTTP status code generated by the origin server for this occurrence of the problem.
- detail: A human readable explanation specific to this occurrence of the problem.
- instance: An absolute URI that identifies the specific occurrence of the problem. It may or may not yield further information if dereferenced.
Example (from schema)
{
  "type": "about:blank",
  "title": "Internal Server Error",
  "status": 500,
  "detail": "Connection timeout",
  "instance": "string"
}
Example: Unauthorised
{
  "title": "Unauthorized",
  "status": 401,
  "detail": "You are not authorized to access the resources."
}
500 Internal Error (application/problem+json)
Schema
- type (default value: about:blank): An absolute URI that identifies the problem type. When dereferenced, it SHOULD provide human-readable documentation for the problem type.
- title: A short summary of the problem type.
- status (possible values: >= 400 and <= 600): The HTTP status code generated by the origin server for this occurrence of the problem.
- detail: A human readable explanation specific to this occurrence of the problem.
- instance: An absolute URI that identifies the specific occurrence of the problem. It may or may not yield further information if dereferenced.
Example (from schema)
{
  "type": "about:blank",
  "title": "Internal Server Error",
  "status": 500,
  "detail": "Connection timeout",
  "instance": "string"
}
Example: Internal Server Error
{
  "title": "Internal Server Error",
  "status": 500,
  "detail": "The server encountered an internal error and was unable to complete your request"
}